Response to CP 189
General
We have now conducted our review of this paper and attach our comments on the various questions raised.
In conclusion we are becoming concerned at the unnecessary intrusiveness of some of the proposed rules, in both the area of credit risk and the area of operational risk. In the case of credit risk, the detailed nature of the credit rules will result in a lot of wasted effort. In the case of operational risk the focus on loss data remains in our opinion, misguided. We believe that loss data is important in back testing the operational risk structure, rather than as a prime determinant of operational risk. We shall explain our concerns further in our detailed comments on specific questions.
Detailed comments
Q1: We are fully supportive of Option 2 (using the financial institutions external ratings weight), although there are always likely to be problems with this approach. Firstly many institutions will not have external ratings and therefore some form of artificial rating would be required. Secondly external ratings should not in any way replace credit analysis, since by their nature they must follow rather than anticipate regulatory problems.
Q2: We are concerned at any specific single approach being offered here. Our preferred solution would be for a series of options to be made available, each having a similar impact in totality. It is well known that using the HPI for a long held mortgage is generally a poor proxy to the true market value of the property and that institutions do have systems to identify more realistic values where this is appropriate. Such sensible revaluations should also be included within the finally implemented rules.
However we do agree that a reduction in mortgage weighting should be allowed and would expect this to be extended to second and third mortgages under the same basis as the primary mortgage (ie up to 75% of LTV).
Q3: We consider that it is necessary for all institutions to conduct some form of risk assessment for corporate claims and therefore we do not consider that the 100% option should be available.
Q4: This is highlighting a problem with the standardised approach and the illogicality of some of the rules. Clearly there should be a capital incentive to move to the IRB approach from the standardised approach. That this may not be the case is a failure in the detail of the IRB rules.
We recognise that the fudge identified may be the only realistic solution to the problem, but suggest that the reasons that produce the problem should instead be addressed. Effectively you are suggesting dealing with the symptoms rather than treating the illness.
Section 3.14: We are concerned at the level of information required to meet these new requirements and hope that the approach may be reconsidered. The need for institutions to collect data to ensure that the four criteria are met is an unreasonable burden. Instead their own systems should be able to justify the inclusion or exclusion on a reasonable basis agreed with the regulators.
Q5: We do agree that the partial use of the AMA should be allowed, although not for the reasons set out. In some areas of an institution the level of operational risk may be low in comparison with the total operational risk of the total institution. In such cases a more basic approach is all that is required – there is no point in forcing a higher level of measurement onto an institution in areas where this will not add value for that institution to gain the advantages from properly measuring risk in higher risk areas.
Q6: We do not agree with the recommendation, for the reasons set out above. There will be some areas of a business where basic indicator may be appropriate – perhaps a whole subsidiary or division. What should be required is for the institution to justify their combined approach to the regulators and for this to be seen to be in the interests of efficiency and logic.
Q7: We do agree that partial use of BIA and TSA should be allowed, but that the more junior approach should only be permitted for relatively less important parts of the business.
Section 4.17 We are very disappointed with the approach to boundary issues generally. We take the view that losses are either market risk or credit risk if they relate to pricing type issues – and otherwise are operational. The failure of the regulations to properly reflect this causing problems in finalising definitions within institutions, in achieving consistent modelling and in finalising the advanced systems based solutions that are emerging. The comments raised in Section 4.18 highlight the weakness in the current position. We are firmly of the view that the capital structure for regulatory purposes should follow the management structure and hope that this anomaly can be appropriately dealt with.
Q8: We do not agree with the requirement for an institution to maintain three years of loss data. Unless an institution is in a unchanging business environment loss data over a three year period is of not real value to the institution, nor is the trend in such losses representative of the future loss profile for the firm. This lies at the heart of our concerns over this paper.
Operational losses that are expected are dealt with in product pricing. This has nothing to do with capital requirements and therefore these should be removed from the total loss figure.
Losses that relate to products, systems or businesses that the company no longer has are no longer relevant and should also be deleted. Further losses where systems have now been implemented to ensure that the loss could no longer occur should also be eliminated, for otherwise there is the double loss of the loss from the event and the additional cost of the control.
But how can you add the losses for the business you now conduct or the systems you now have and extrapolate them back three years? From our experience losses that are more than a year old are not representative of the institution and are of negligible benefit.
We recognise that loss data is useful in backtesting a operational risk framework and believe that the systems that are available in the marketplace should be able to facilitate such analysis. Our concern is in making this the deadline modelling technique since it is of necessity backward looking.
In terms of a meaningful threshold for capital modelling purposes, this should depend upon the size of the institution. For a major firm perhaps GBP 5m would be sensible – losses below that point are both expected and dealt with in product pricing. You would not put in the same rule for credit risk – so why for operational risk. You could reduce your operational losses by increasing staffing such that every transaction was checked three times – the effect would be to make the business unprofitable. Therefore the level of control implemented is a decision based upon the view of the risk and the adequacy of the control environment.
We therefore hope that the FSA will encourage firms to implement thresholds that actually have something to do with risk, rather than dealing with product pricing issues.
Q9: Whilst I appreciate that there is a lot for institutions to deal with, we would prefer for all of the matters to be exposed to discussions now so that suppliers can design consistent systems to meet these new demands. Otherwise institutions are likely to find that they need to change new solutions to meet changing requirements.
Q10: Yes, although we would have preferred the more flexible approach that you have decided would not be appropriate.
Q11: Again this is due to the failure of the rules to work effectively and the inflexibility that has been built in. Our comments are similar toi an earlier question. Whilst what is being proposed must clearly be correct it is dealing with the symptom rather than seeking out the illness.
Q12: Our main concerns here are in terms of the reliance on external ratings, where we do have significant reservations. However we shall deal with specific questions as they arise in the paper. Our concerns are mostly that this also appears to move away from the more detailed assessment of credit risk that is currently going on within institutions. We are of the view that regulation is most effective when it is a natural consequence of the management structure. We are concerned that the developments are increasingly looking like an administrative burden than does not add any additional value to the organisation.
Section 6.4 We are concerned that there is evidence that firms are now implementing systems for the regulators and separately their own proprietary risk management systems. This appears to potentially be a complete waste of effort.
Q13: We are confident that the corporate governance issues referred to will be deal with effectively and that most internal and external auditors will have the ability to both understand and implement the rules of the FSA and those that management actually uses for risk management purposes. Generally we are finding that the majority of your requirements are already in place, or being developed.
Section 7.7 We applaud this opportunity to move towards a more risk sensitive and logical system and hope that such waivers may be broadly available, with adequate safeguards being in place.
Section 7.15 We note these requirements in terms of credit risk and hope that they will also be applied in respect of operational risk.
Q14: No additional comments
Q15: The main drivers of cost are trying to obtain information in the form required by the regulations when it provides limited benefit to management – being superseded by more detailed information. The consequence is either data mining and data cleansing tools, duplicate systems or detailed manual intervention – all of which are expensive. The systems vendors believe that there is likely to be a requirement for significant sums to be spent and we are already seeing evidence of this.
So there are new and expensive systems, more staffing being hired and new reporting being implemented. The position for credit risk and operational risk is different. Credit risk systems were already developed and therefore the costs are additive with limited value. Operational risk systems were poorly developed and therefore with careful consideration of the requirement institutions should be able to develop systems that increase their efficiency and decision making – effectively paying for the development.
Q16: We are expecting further consolidation between institutions combined with increasing use of outsourcing. We expect choice in the community to reduce as a result of these new regulations.
Q17: I see limited benefits to the institution, or the public, in the credit risk part of the Accord, or in the calculation of capital for the operational risk rules. Perhaps we are cynics, but we suspect that most institutions will still have the same level of capital after all of this additional work!
Where we do see benefit is in the focus on operational risk and the development of operational risk frameworks. This will produce greater protection together with increased profitability and efficiency. We are saddened that the approaches for credit, market and operational risk are so disparate and hope that in time a more consistent approach will be adopted to total risk management.
Q18: We hope that the approach could be even more flexible depending upon the specific requirements of institutions.
Q19: Yes, we believe this should be an option.
Q20: We are not sure that the calculation is quite correct. What should be required is fir the institution to justify to the regulators that a particular portfolio represents a low level of risk. However the guidance of this rule as set out is helpful.
Q21: We hope that the FSA will publish additional roll out plans.
Q22: Firms will be implementing systems to produce the scorecard and we hope that the main vendors will be encouraged to embed these into their solutions. The definitions are not as clear as we would like, as there is clearly overlap between provisioning say and assessment. We would recommend that firms consider all of their credit risk together and move the operational areas into operational risk. The problems with “core” and “broader” appear to be mostly driven by a failure in the operational risk definition.
Q23: The comments on profitability are a little bizarre. That the FSA even considered mandating price highlights the intrusive nature of these proposals. Instead we would have preferred proposals that focussed on objectives and benefits rather than tactics and minor issues.
Q24: The documentation should include staff experience together with the track record of the institution.
Q25: Yes. Interestingly I expect many firms to continue to run duplicate systems long after the end of the parallel run.
3.63 etc The sections to 3.77 are often overlapping with other things that the FSA have published – CP143 for example. These other documents are generally more detailed and more effective in giving the context for the issues raised. I would question whether these are required here as well.
Q26: Yes
Q27: Our main concern is that this is being done in isolation for the IRB approach. This should be firm wide with credit just being a subset. We are concerned that the regulators without benefit could duplicate work.
Q28: We would welcome additional guidance on the independent validation. Is it envisaged that only internal or external audit could undertake this role, or would other executive staff be considered as independent.
Q29: Yes and the same applies to operational risk. It is the lack of similarity of approach that concerns us.
Q30/Q31 The predictive power of such modelling systems is best assured looking at proper neural or Bayesian modelling approaches. The Monte Carlo style of simulation will should the expected true position – which is clearly a curve and not a number where actual figures appear in the distribution will be an indication of the acceptability of the process. We expect to be working with firms in this area.
Q32: We would expect scenario analysis to be incorporated, together with stress testing. This is more than just sensitivity but highlights the key issues that really matter in terms of financial stability.
Q33: We believe the institution should complete the grid in all cases. This is to avoid the system being used as a black box and because they still have ultimate responsibility.
Q34: We agree that there should be help sheets published to provide information but that the approach should remain flexible.
Q35: Yes. The measures are likely to be soft judgements dependent upon the totality of the work conducted by the firm.
Q36: There needs to also be an option in respect of cases where the vendor process does not meet the requirements that you set out.
Q37: We would prefer that a list of services that had been approved would be disclosed to the market. Whilst we recognise that the FSA does not accredit services directly information tat assists firms is of benefit and saves wasted effort on behalf of those that you regulate.
Q38: The difficulties that you have in this area are that you will be both accrediting external vendors and potentially putting a cost burden on firms that some will be unable to meet. This becomes anti-competitive on behalf of the smaller firm. We do not believe that there is any specific data source that must always be used – the information should instead be released as useful guidance to be considered.
Q39: The ability of the model to facilitate stress and scenario analysis should also be included.
Q40: Agreed, although we have concerns at the application of specific percentages and the impact of unrated weightings.
Q41: We are concerned with the “Business Line – Portfolio – Pools” approach, since it is clear to us that some pools will be filled by multiple business lines and that this runs in contrary to efficient credit risk management by counterparty. We applaud the FSA for not setting a minimum pool size.
We are concerned at the “scorecard approach” that is set out in the tables. We do not see risk in these terms and are working with institutions to develop higher levels of modelling technique that properly deal with risk and risk management. The scorecard is an interim step for those institutions that cannot reach more advanced systems and techniques. To require those more advanced institutions to develop the scorecard, as set out cannot make regulatory sense.
Q42: We have a lot of experience of developing quality based scorecard systems and are willing to provide other ideas and suggestions in this area as required. The FSA should consider developing an auto modeller which meets these specific requirements and has pre-programmed weightings built into the system.
Q43: Good question. We think that there will be examples of technical default which should be excluded – for example f there is a legal disagreement which results in the default then this may not be representative of the credit quality of the institution. Another case would be where governmental action enforces a default, with reasonable certainty that the payment will be made in due course.
At the retail level if an individual defaults on a unsecured loan does that mean they will default on a secured loan? Whilst the answer is not necessarily, it is also clear that the first default changes your view on the likelihood of the second default an should be considered.
Q44: Yes
Q45: No. We also welcome the opportunity for firms to use a lower figure for their own purposes. This should not change the 180 days that the FSA requires for regulatory purposes – the two measure are doing different things and both should be used.
Q46: In terms of overdrafts the breach should be meaningful – perhaps a 10% breach, for example.
We do not consider billing date to be relevant at any stage and consider only due date to be significant. We do not like the “refresh” provisions that appear to favour firms that are tardy in acting. Any such firms should be required to utilise a shorter period – say 120 days.
Q47: We are concerned at this provision. If a small subsidiary of a major group is in default, this does not necessarily mean that the entire group is likely to go into default. The better approach would be for the total default provision to be a rebuttable presumption and for the individual institution to explain to the FSA why this should not be the case in specific credits.
Q48: Some guidance needs to be provided as to the level of proof required in such cases. What is not required is for a major and expensive paper chase, which results in firms being contacted to see if they would do a trade that does not actually exist. This would be wasteful and extremely annoying.
Q49: By an institution yes, but for FSA purposes, no.
Q50: We are of the view that any guidance included within CP3 should be transcribed by the FSA into guidance to be incorporated into the rule book.
Q51: We do not like the favoured approach. We believe this needs to take into account the size of the firm and the size of the portfolio, being agreed by each firm with the FSA on a case-by-case basis.
Q52: Yes
Q53: In principle we support this, but await further details in due course.
Q54: Yes. Of course such historic data has all the problems and pitfalls of changing business structures and businesses.
Q55: We do not agree with this approach. The logic should be to use the short-term data and then to use stress testing and scenario analysis to take account of the economic downturn. The applicability of the defaults in a period will take account of a number of factors only one of which is the economic cycle –or sub cycle.
Q56: Agreed unless there is a form of risk mitigation in place which means that zero is in fact achievable, for example transfer to a third party of the actual default risk.
Q57: Yes
Q58: Yes and we applaud this approach.
Q59: Yes, although some further guidance on this would be appreciated.
Q60: We would expect institutions to undertake much greater stress tests than those proposed. The purpose of capital is surely to protect the institution from major systemic shocks, rather than relatively benign routine events. Accordingly we would expect stress tests to be undertaken as a series of increasingly disastrous scenarios, to include both consecutive and cascading risk.
